Is it possible to encrypt the content of the project files especially the .xaml files? I have tried to edit the XAMLs via notepad and it shows xml tree which can be easily modified by someone with access.
One of my client which is in banking mentioned this re: security and risk policies and wondering how I can comply
Please note that if you are using Orchestrator all projects are packed into .nupkg package. Additionally connection between Orchestrator and Robot is secured via SSL and paired with machine key. So there’s no possible way to change anything.
Keeping/Running projects from Studio as a raw xaml files in Business is not perfect approach.
Sounds like a reasonable idea
We are not using orchestrator, yet. Users also run attended robots(with license) via UiRobot tray.
Well in my scenario, we have .nupkg files under **ProgramData\UiPath\Packages*, downloading it from the UiRobot Tray produce uncompressed project files which has the .XAMLs on **.nuget\packages*. (Is orchestratorXrobot not design like this?)
As stated above, we are running on licensed attended robot via UiRobot Tray. Actually another concern is on the installation of UiPath Studio/UiRobot for Robot users which is related also with the security policies, since XAMLs are accessible, users may try to open this in the UiStudio and also have the power to modify it. (Well, this may be a different thread )
Have you seen this:
You can sign your packages to secure each process from any change. As you see at each step package is checked for any case of discrepancy:
Users which are not admins shouldn’t have possibility to enter to the paths which are not their own files. You can add them Read permission but not Write.
Thanks pablito on this. This maybe one of my option since certificates has private keys.
However, I tried to export a selfsignedcert and used it during publishing but to no avail.
I keep on receiving chain validation failed error and a NU3018: The certificate is not valid for the requested usage. in logs.
I have modified the nuget.config too by adding the author.
I’ve checked here in community but no discussion on this yet.
Edit. Should this work, the concern is the user may edit the current published xaml file using notepad still, am i wrong? This only prevents the next untrusted publish or updates, or do i miss something?
Yes for sure user can edit xaml with notepad. But from my experience with work on huge environments is that users should have access to their profile (read) and their files (read/write) only. They should not be able to see C drive and have access to the files not related to them. The proper GPO setting are the key for the business solution that’s why I’m concerning why they even have possibility to edit xaml in your case.
Published files after decompressing the nupkg files are local under C:\user.nuget\ right? Do you mean to change the folder security settings of the current user to read only?
I believe that installation of uipath community is by user which means even we change this security settings, the user can also revert this security settings. We applied attended robot license for the user fyi.
Hi @Emman_Pelayo - You need to have admin rights to open the files from .nuger folder.
Our setup is we deploy project files using the user account. RPA in this company is driven by the Business Process Management Dept, not by the IT. So we are the one who deploy since we developed RPA solutions. Administrator rights is managed by IT Dept.
@Emman_Pelayo - I am not sure if I got you correctly but what I am trying to say is - The extracted xaml files are secure and can be opened only in admin mode. If the local users who are running the processes do not have admin rights they wont be able to see the code.
If you have noticed some different behavior then please help us with Robot version.
Seems in our setup, local users has admin rights. Would you mean that, the setup should be, the administrator should published the robots/packages in the nuget folder and modify it with read only security for the local user? So the local user will just download these via UiRobot?
Solution is to use Orchestrator. Try the cloud one.
The signing of package depends on nuget.config setup to work in tandem. Otherwise, when a third party obtains the nupkg file is able to run the nupkg file on a UiPath robot does not enforced signed packages only.